Cloudflare announce keyless SSL
https://blog.cloudflare.com/announcing-keyless-ssl-all-the-benefits-of-cloudflare-without-having-to-turn-over-your-private-ssl-keys/

Cloudflare says they can provide service to you with SSL without your private key. It sounds to me like an IPsec/GRE tunnel to your server.

Thanked by 2: netomx, JustJon

Comments

  • It is a really cool concept, but you should read their post fully; they put a pretty accurate description of it.

  • Chuck Member
    edited September 2014

    Next news. Google buys Cloudflare? Looks like every tech company doing a good job will be bought by Google.

    Thanked by 1: netomx
  • @Chuck said:
    Next news. Google buys Cloudflare? Looks like every tech company doing a good job will be bought by Google.

    Doesn't look like Google. Maybe OVH.

  • @wojons said:
    It is a really cool concept, but you should read their post fully; they put a pretty accurate description of it.

    At first, I read it on my phone. Couldn't really see the picture. Later, when I looked at the picture clearly, I understood what they are doing. But still curious, could Cloudflare know too much about the encrypted content?

    Thanked by 1: netomx
  • I would imagine with regard to the encrypted content they know the source and destination. If you're paranoid, it would be possible to sniff the unencrypted traffic.

  • dnwk Member
    edited September 2014

    What are the SSL premaster and session key used for? These two pieces of information are what Cloudflare has unencrypted, according to the flow chart.

  • Maounique Host Rep, Veteran

    Does not look like a revolutionary thing. They simply extend the chain and put the padlock in the premises of the customer so the customer can keep the key private.

  • I would do that using this for sure.

  • duyan13 Member
    edited September 2014

    But how are they going to prevent Layer 7 based attacks... since they can't inspect the data packets without decrypting them?

  • Maounique Host Rep, Veteran
    edited September 2014

    duyan13 said: Layer 7 based attacks

    That is a broad range of possible attacks. Depending on what you have in mind, there are ways. The only way that could be compromised is through compromising the machine running the webfront and the actual SSL stack, or somehow hijacking the IP if the admins are really stupid and only use IP based ACLs.
    A scenario with a compromised web server is entirely possible, but, again, that can happen even if the server is located at home, in the basement, a special safe room with Fort Knox like guarding or even a spaceship orbiting the earth.
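
On the premaster and session key questions raised in the thread, here is an added sketch (not from any poster and not Cloudflare's code) of the RSA key-exchange split: the key server on the customer's side performs the one private-key operation, and the edge derives the TLS 1.2 session keys from the returned premaster. The class names and the toy unpadded RSA key are assumptions for illustration only.

```python
import hashlib, hmac, os

# Toy RSA key (assumption, NOT secure): two Mersenne primes, textbook RSA, no padding.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q

def prf(secret, label, seed, n):
    """TLS 1.2 PRF from RFC 5246 (P_SHA256)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def session_keys(premaster, client_random, server_random):
    master = prf(premaster, b"master secret", client_random + server_random, 48)
    # 104 bytes = 2 x 20-byte MAC keys + 2 x 32-byte cipher keys (AES_256_CBC_SHA)
    return prf(master, b"key expansion", server_random + client_random, 104)

class KeyServer:
    """Hypothetical customer-side service: the only holder of the private exponent."""
    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))
    def decrypt_premaster(self, ciphertext):
        return pow(ciphertext, self._d, N).to_bytes(48, "big")

class Edge:
    """Hypothetical edge node: terminates TLS with only the public key (N, E)."""
    def __init__(self, key_server):
        self.key_server = key_server
    def finish_handshake(self, client_random, server_random, encrypted_premaster):
        # The private-key step is delegated; the premaster comes back in the clear.
        premaster = self.key_server.decrypt_premaster(encrypted_premaster)
        return session_keys(premaster, client_random, server_random)

def handshake():
    """One constructed handshake; returns (client keys, edge keys, edge)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    premaster = b"\x03\x03" + os.urandom(46)  # TLS 1.2 version + 46 random bytes
    encrypted = pow(int.from_bytes(premaster, "big"), E, N)  # sent client -> edge
    client_keys = session_keys(premaster, client_random, server_random)
    edge = Edge(KeyServer())
    return client_keys, edge.finish_handshake(client_random, server_random, encrypted), edge
```

The edge ends up with the same key block as the client, so it can decrypt and inspect that session's traffic even though it never holds the private key.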
